Do you have a GNU/Linux computer hiding away on your school's or work's network? Does it not bother you that institutions often prevent you from directly accessing your computer via some IP address? Do you administer a simple server at a small private school whose router's port-forwardings are randomly reset?
Though likely to be incorrect, this is how I manage accessing computers behind any sort of NAT or firewall that I have no control over. I have yet to meet a NAT that disallows outgoing SSH connections, so I rely on outbound SSH connections working. Thus, I have a script that, in conjunction with a crond, gives me adequately reliable access to firewalled machines. It primarily uses SSH's -R option (reverse port-forwarding, which could be stated as "port-returning"(?)). However, it is also useful for forwarding things like SMTP, which Comcast (in Detroit) and schools often block because they don't want their students to act as mail zombies.
This project is very minimal and basically only intended to support my needs. However, if you are interested in expanding it or adding documentation, please contact me (ohnobinki). You may clone the repository from http://ohnopub.net/hg/insurgent; I have no plans for official tarballs/releases unless people express interest. So...please contact me if you are interested in using this.
See normaldotcom's blog for simple setup instructions.
The current scripts are not designed to be installed system-wide. Also, settings are currently to be edited in the header of bin/insurgent.sh. The script is to be installed on the computer that is behind a firewall. I suggest that one adds a new user dedicated to insurgency on his server and on his firewalled computer. The script relies on SSH authentication being passwordless. The easiest way to do this is to generate a passwordless SSH key. Settings are documented inside of the script.
After the script is installed in the user's home-directory, it is time to set up the user's crontab. This can be done with:

$ crontab -e -u

A suggested crontab is included with the repo. The MAILTO="" line is to encourage crond to run the crontab. In some environments, crond likes to think that it's "unsafe" to try to send mail to the user who the crontab is installed for and thus refuses to run the crontab. If you know that this is not the case for your system, feel free to remove the line.
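Because the dedicated user's key has no passphrase, anyone who copies it off the firewalled machine can log in to the server, so it is worth limiting what that key may do there. The following is an added example, not part of insurgent: it builds a server-side authorized_keys entry that permits only one reverse-forward listen port. Assumptions: OpenSSH 7.8 or newer on the server, a client that connects with ssh -N, and the hypothetical port 2222 and key file name.

```shell
#!/bin/sh
# Added example (not insurgent's own code). Key generation on the firewalled
# machine would be (file name is hypothetical):
#   ssh-keygen -t ed25519 -N '' -f ~/.ssh/insurgent_ed25519

# Print one authorized_keys line for a bare public key and a listen port.
#   restrict        - disable pty, agent/X11 forwarding and all port forwarding
#   port-forwarding - re-enable port forwarding only
#   permitlisten    - the only address:port that ssh -R may bind on the server
#   command         - forced command, so the key never yields a shell
#                     (assumes the client uses ssh -N and requests no command)
authkey_line() {
    pubkey=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1024-65535 (unprivileged account)" >&2
        return 1
    fi
    # Accept only a single-line key with no options already prepended, so a
    # pasted value cannot smuggle in a second key or its own option list.
    case $pubkey in
        *'
'*) echo "public key must be a single line" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare OpenSSH public key" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$port" "$pubkey"
}

# Constructed sample key (not a real key), to show the resulting line.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleNotARealKey insurgent@firewalled'
authkey_line "$SAMPLE_KEY" 2222
```

The printed line goes into ~/.ssh/authorized_keys of the dedicated user on the server, in place of the bare public key.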
If you got this far and things don't work, please just bother ohnobinki about it.